package controller;

import helper.UserSession;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import databeans.Customer;
import databeans.Employee;
import model.CustomerDAO;
import model.Model;

public class CustomerChangePasswordAction extends Action{
    private CustomerDAO customerDAO;

    public CustomerChangePasswordAction(Model model) {
        customerDAO = model.getCustomerDAO();
    }
    
    public String getName() {
        return "customerChangePassword.do";
    }
    

    public String perform(HttpServletRequest request) {
        //ATTENTION
        // define target page
        //String loginPage = "customer/login-form.jsp";
    	String loginPage = "customer/customer-login.jsp";
        String dashboardPage = "customer/customer-dashboard.jsp";
        String originPage = "customer/customer-settings.jsp";
        String successPage = originPage; 
        
        //set the employee
        Employee employee = null;
        Customer customer = null;

        //errors and messages will be stored here
        //resetting those containers
        List<String> errors = new ArrayList<String>();
        List<String> messages = new ArrayList<String>();
   
        //define the error and message
        request.setAttribute("errors", errors);
        request.setAttribute("messages", messages);
        request.setAttribute("page", "change-pass");
        
        //get all the parameter from the form
        String requestType = request.getParameter("Submit");
        String currentPassword = request.getParameter("txtCurrentPassword");
        String newPassword = request.getParameter("txtNewPassword");
        String confirmPassword = request.getParameter("txtConfirmPassword");
        
        //reload the form field
        //No need to reload - DUH!
        //request.setAttribute("txtCurrentPassword", currentPassword);
        //request.setAttribute("txtNewPassword", newPassword);
        //request.setAttribute("txtConfirmPassword", confirmPassword);
 
        
        //check if employee has been logged in
        //request.getSession() will return the current session and if one does not exist, a new session will be cretaed.
        //request.getSession(true) will return the current session if one exists, if one doesn't exits a new one will be created.
        //So there is actually no difference between the two methods HOWEVER, if you use request.getSession(false), it will return the current session if one exists and if one DOES NOT exist a new one will NOT be cretaed.
        employee = UserSession.getLoggedInEmployee(request);
        if (employee != null) {
            request = UserSession.removeEmployeeFromSession(request);
            errors.add("This section is closed for employee");
            return loginPage ;
        }
        
        //check if customer has actually logged in
        customer =  UserSession.getLoggedInCustomer(request);
        if (customer == null) {
            errors.add("Please Login to access this section.");
            return loginPage;
        }
        
        //validate if user has necessary qualification
        //check the session

        // check for get or post request
        //if there is no parameter get passed, return to origin page
        if (requestType == null) {
            //messages.add("To change password, fill the below form");
            return originPage;     
        }
        
        //validate the input
        if (currentPassword.trim().equals("")) {
            //messages.add("Enter your current password");
            errors.add("Current password field is still empty");
            return originPage;
        }
        
        if (newPassword.trim().equals("")){
            //messages.add("Enter new password");
            errors.add("New password field is still empty");
            return originPage;
        }
        
        if (confirmPassword.trim().equals("")){
            //messages.add("Enter confirmation password");
            errors.add("Confirmation password field is still empty");
            return originPage;
        }
        
        if (!confirmPassword.trim().equals(newPassword.trim())){
            messages.add("Both new password and confirmation password must be the same");
            errors.add("New password and confirmation password are different");
            return originPage;
        }
        
        // at this stage, all validation should have been done
        try {
            
            //get the list of all customer         
            customer = UserSession.getLoggedInCustomer(request);
            
            if (customer == null) {
                //messages.add("Please make sure the username you have entered is correct");
                errors.add("User session coult not be retrieved");
                return loginPage;
            }

            // Check the password

            if (!customer.checkPassword(currentPassword)) {
                //messages.add("Please make sure the password you have entered is correct");
                errors.add("Current password is incorrect.");
                return originPage;
            }
            
            //change the password
            customerDAO.setPassword(customer.getUsername(), newPassword);
            
            // Attach (this copy of) the employee bean to the session
            HttpSession session = request.getSession(true); 
            session.setAttribute("customer", customer);
            
            //set the welcome message
            messages.add("Your password has been succesfully changed");
            return successPage;

        } catch (Exception e) {
            errors.add("Unable to change password. Try again later");
            return originPage;
        }

    }
}